Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.


LinuxSecurity.com Feature Extras:

Press Release: Guardian Digital Leverages the Power of Open Source to Combat Evolving Email Security Threats - Cloud-based email security solution utilizes the open source methodology for securing business email, recognized by many as the best approach to the problem of maintaining security in the relentlessly dynamic environment of the Internet.

You've Been Pwned! Best Practices to Prevent Your Email Account from Being Compromised in a Data Breach - An Interview with Dave Wreski, CEO of Guardian Digital


  B0r0nt0K Ransomware Threatens Linux Servers (Mar 25)
 

A new cryptovirus called "B0r0nt0K" has been putting Linux and possibly Windows Web servers at risk of having all of the infected domain's files encrypted.

  US Government Leaks PII of 2m+ Disaster Survivors (Mar 25)
 

A US government agency responsible for disaster relief has revealed that it accidentally leaked the personal data of millions of disaster survivors to a third-party contractor.

  Android ecosystem of pre-installed apps is a privacy and security mess (Mar 26)
 

An academic study that analyzed 82,501 apps that were pre-installed on 1,742 Android smartphones sold by 214 vendors concluded that users are woefully unaware of the huge security and privacy-related threats that come from pre-installed applications.

  Under Attack: Over Half of SMBs Breached Last Year (Mar 27)
 

Many small and midsize businesses work faster and harder than large enterprises, but they're just as vulnerable to cybercrime.

  Researchers discover and abuse new undocumented feature in Intel chipsets (Mar 29)
 

At the Black Hat Asia 2019 security conference, security researchers from Positive Technologies disclosed the existence of a previously unknown and undocumented feature in Intel chipsets.

  iOS 12.2 fixes bug that granted apps hidden access to the microphone (Mar 26)
 

Apple yesterday released iOS version 12.2, which, like never before, includes fixes for a considerable number of security-related issues, including some that are downright disturbing.

  The Central Security Project: Vulnerability Reporting for Open Source Java (Mar 28)
 

When a security researcher finds a security bug, what do they do? Unfortunately, the answer sometimes is they search for the appropriate people to notify and, when they can't be found, end up posting the vulnerability to public email lists, the GitHub project, or even Twitter.

  Cisco bungled RV320/RV325 patches, routers still exposed to hacks (Mar 28)
 

Cisco acknowledged yesterday that it bungled a crucial patch for a vulnerability in two router models. The company's shoddy initial patches allowed hackers to continue attacks throughout the past two months.

  Covert data-scraping on watch as EU DPA lays down “radical” GDPR red-line (Mar 31)
 

An interesting decision came out of Poland's data protection agency this week after the watchdog issued its first fine under Europe's General Data Protection Regulation (GDPR).

  What is a honeypot? A trap for catching hackers in the act (Apr 1)
 

A honeypot is a trap that an IT pro lays for a malicious hacker, hoping that they'll interact with it in a way that provides useful intelligence. It's one of the oldest security measures in IT, but beware: luring hackers onto your network, even on an isolated system, can be a dangerous game.

  11 questions to ask before buying AI-enabled security software (Apr 1)
 

Infosec is complicated enough. Add AI/ML into your security software mix, and you may be asking for trouble. Or, choose the right vendor, and you could wind up with the best toys on the block. Here's what you need to know to wind up in the second camp.